[openssl-users] DH p parameter length

2017-08-28 Thread Andrey Ribalko
Hello everybody, I'm trying to force openssl s_server to use DH p parameter of 2048 bits length, but I can't find the way to do it. I've noticed that the length of p parameter depends on chosen cipher. For example, if I'm using DHE_PSK_WITH_AES_128_CBC_SHA256 the length of p parameter is 1024

[openssl-users] CVE 2017-3735 OOB read

2017-08-28 Thread Salz, Rich via openssl-users
From https://www.openssl.org/news/secadv/20170828.txt OpenSSL Security Advisory [28 Aug 2017] Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) === Severity: Low If an X

[openssl-users] proposed changes to ruby-openssl create_extension

2017-08-28 Thread Michael Richardson
Like Bob Moskowitz who has been posting about IDevID, I have also been creating certificates with custom/private extensions in aid of creating IDevIDs. I'm one of the authors of both: https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/ and

Re: [openssl-users] Existing connections on certification expires

2017-08-28 Thread Robert Moskowitz
On 08/28/2017 09:44 AM, Alan Buxey wrote: hi, 2) How can I get the list of ciphers supported by openssl 01.01.0f ? openssl ciphers -v ??? These questions look to be very basic but I could not find any concrete information regarding the same googling. Google provides the answers if

Re: [openssl-users] Existing connections on certification expires

2017-08-28 Thread Alan Buxey
hi, > 2) How can I get the list of ciphers supported by openssl 01.01.0f ? openssl ciphers -v ??? > These questions look to be very basic but I could not find any concrete > information regarding the same googling. Google provides the answers if your question is well formed. or you could

Re: [openssl-users] Existing connections on certification expires

2017-08-28 Thread Robert Moskowitz
On 08/28/2017 09:07 AM, Viktor Dukhovni wrote: On Mon, Aug 28, 2017 at 06:13:51AM -0400, Robert Moskowitz wrote: 1) What happens to the existing SSL connections on certification expiry? Does the openssl disconnects the existing connection? No, once authenticated, TLS connections continue

Re: [openssl-users] Existing connections on certification expires

2017-08-28 Thread Viktor Dukhovni
On Mon, Aug 28, 2017 at 06:13:51AM -0400, Robert Moskowitz wrote: > > 1) What happens to the existing SSL connections on certification expiry? > > Does the openssl disconnects the existing connection? No, once authenticated, TLS connections continue indefinitely, until either party chooses to

Re: [openssl-users] Existing connections on certification expires

2017-08-28 Thread Robert Moskowitz
On 08/28/2017 06:13 AM, Robert Moskowitz wrote: On 08/28/2017 01:09 AM, mahesh gs wrote: Hello All, We are using openssl for providing the secured communication for our application. I have some basic queries about the openssl behaviour. 1) What happens to the existing SSL connections on

Re: [openssl-users] Existing connections on certification expires

2017-08-28 Thread Robert Moskowitz
On 08/28/2017 01:09 AM, mahesh gs wrote: Hello All, We are using openssl for providing the secured communication for our application. I have some basic queries about the openssl behaviour. 1) What happens to the existing SSL connections on certification expiry? Does the openssl

Re: [openssl-users] Existing connections on certification expires

2017-08-28 Thread Paul Yang
> On 28 Aug 2017, at 13:09, mahesh gs wrote: > > Hello All, > > We are using openssl for providing the secured communication for our > application. I have some basic queries about the openssl behaviour. > > 1) What happens to the existing SSL connections on certification